需求描述:192.168.31.10服务器的yunwei账号,想要免密登陆到192.168.31.15服务器上。
直接ssh root@192.168.31.15这样登陆,不用输入密码。
实现:
1、在10机器上,创建运维账号。
1 2 3 4 5 6 | [root@docker01 ~]# id yunwei 检查yunwei账号是否存在id: yunwei: no such user[root@docker01 ~]# useradd yunwei 创建yunwei账号[root@docker01 ~]# su - yunwei 切换到yunwei账号[yunwei@docker01 ~]$ pwd/home/yunwei |
2、在yunwei账号下创建密钥
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 | [yunwei@docker01 ~]$ ssh-keygen 创建密钥,一路回车Generating public/private rsa key pair.Enter file in which to save the key (/home/yunwei/.ssh/id_rsa):Created directory '/home/yunwei/.ssh'.Enter passphrase (empty for no passphrase):Enter same passphrase again:Your identification has been saved in /home/yunwei/.ssh/id_rsa.Your public key has been saved in /home/yunwei/.ssh/id_rsa.pub.The key fingerprint is:SHA256:kLXaRvzgGOqF62RyGWKGUekspD39l0pudQBt1MQp3NU yunwei@docker01The key's randomart image is:+---[RSA 2048]----+| .. +o=.o.. || o. .+=.= E ||++ . +o=. ||oo= .o O.o ||..+.+.+ So. || o o =o.+ . || . Bo + . || * + || .. |+----[SHA256]-----+检查密钥是否创建成功[yunwei@docker01 ~]$ pwd/home/yunwei[yunwei@docker01 ~]$ ll -atotal 12drwx------. 5 yunwei yunwei 103 Mar 25 23:18 .drwxr-xr-x. 16 root root 177 Mar 25 23:17 ..-rw-r--r--. 1 yunwei yunwei 18 Mar 31 2020 .bash_logout-rw-r--r--. 1 yunwei yunwei 193 Mar 31 2020 .bash_profile-rw-r--r--. 1 yunwei yunwei 231 Mar 31 2020 .bashrcdrwxrwxr-x. 3 yunwei yunwei 18 Mar 25 23:17 .cachedrwxrwxr-x. 3 yunwei yunwei 18 Mar 25 23:17 .configdrwx------. 2 yunwei yunwei 38 Mar 25 23:18 .ssh[yunwei@docker01 ~]$ cd .ssh/[yunwei@docker01 .ssh]$ lsid_rsa id_rsa.pub |
3、复制密钥到15服务器
1 2 3 4 5 6 7 8 9 10 11 12 | [yunwei@docker01 .ssh]$ ssh-copy-id root@192.168.31.15 复制密钥到15机器/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/yunwei/.ssh/id_rsa.pub"The authenticity of host '192.168.31.15 (192.168.31.15)' can't be established.ECDSA key fingerprint is SHA256:v3zhW/rvSt+T7QfAnIDIiHhbALRLNiLzl8Hg3TAZQCA.ECDSA key fingerprint is MD5:cf:b8:e1:f6:a5:61:60:f0:77:aa:f3:76:ab:d2:ce:9b.Are you sure you want to continue connecting (yes/no)? yes/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keysroot@192.168.31.15's password:Number of key(s) added: 1Now try logging into the machine, with: "ssh 'root@192.168.31.15'"and check to make sure that only the key(s) you wanted were added. |
4、验证免密登陆
1 2 | [yunwei@docker01 .ssh]$ ssh root@192.168.31.15Last login: Sun Mar 26 11:21:02 2023 from 192.168.31.1 |
补充:优化密钥创建方式,免交互创建密钥
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 | [yunwei@docker01 .ssh]$ ssh-keygen -P '' -f id_rsa 免交互方式,创建密钥Generating public/private rsa key pair.Your identification has been saved in id_rsa.Your public key has been saved in id_rsa.pub.The key fingerprint is:SHA256:hXuSBtV1o1D1PfIyG/+iC1IFnZh8Q3NGf5eiuQ8IExQ yunwei@docker01The key's randomart image is:+---[RSA 2048]----+| EoooB=+B || .. .=o=* +o|| ... ..o+ o*|| ..+ .o + +|| oS oo + . || .o+. . * || ...o . . || . .o . .|| o+ ..|+----[SHA256]-----+[yunwei@docker01 .ssh]$ lsid_rsa id_rsa.pub known_hosts |
参数说明:
-t 指定要创建的密钥类型
dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | RSA
可能的值为“dsa”、“ecdsa”、“ecdsa-sk”、“ed25519”、“ed25519-sk”或“rsa”。
当使用 RSA CA 密钥签署证书时,此标志还可用于指定所需的签名类型。可用的 RSA 签名变体是“ssh-rsa”(SHA1 签名,不推荐)、“rsa-sha2-256”和“rsa-sha2-512”(默认值)
-P 密码
提供(旧)密码。
这里的密码,是密钥的密码,不是远程主机的密码,随便设置。但是,这就失去了免密登陆的意义。因为,设置了这个后,登陆远程主机时,就必须输入密钥密码。
所以,一般这个指指定为空即可。
-f 文件名
指定密钥文件的文件名
这里的文件名,必须指定为id_rsa,不然,把密钥推送到目标机器,依然无法实现免密登陆。
总结:
就三个命令
1 2 3 | cd 进入当前账号家目录ssh-keygen 连续三次回车 ssh-copy-id 192.168.31.15 复制公钥到hadoop104服务器,这样,就可以免密访问hadoop104服务器 |
这里用户账号省略,则使用当前账号进行免密登陆
比如,当前账号是test
1 | ssh-copy-id 192.168.31.15 等价与 ssh-copy-id test@192.168.31.15 |
实现的效果是,当前服务器的test账号可以免密登陆15服务器的test账号
参考资料:https://www.cnblogs.com/dirigent/p/16636545.html
到此这篇关于Linux实现免密登录的配置方法的文章就介绍到这了,更多相关Linux免密登录内容请搜索IT俱乐部以前的文章或继续浏览下面的相关文章希望大家以后多多支持IT俱乐部!
